12 posts categorized "Ransomware"

01 September 2017

Spying, stealing, defacing. It’s been a busy week. These are the top security headlines for the week of August 28, 2017: The U.S. Navy says there’s no evidence of a cyber attack in the crash of the USS John S. McCain – but hypothetically, this is how it would work. Reuters reports cyber spies are using malware to target India and Pakistan – including decoy clickbait with Reuters reports. Yes, you read that right. Hurricane Harvey is a once-in-1,000-years disaster, but be careful before you donate. Scammers are registering domains to collect “donations” for bogus organizations....

18 August 2017

Pseudo-ransomware and struggling security budgets. Here are the top security headlines for the week of August 14, 2017: Who would have thought we would long for the days when ransomware was ransomware. Now it’s all too complicated. Bitcoin is going mainstream, but does that mean it’s a bad investment? In a case of the cobbler’s children have no shoes, data brokers seem to be lacking basic security. Raise the roof! It looks like cybersecurity might be hitting a ceiling when it comes to spending. No spoilers, but HBO has been hacked again and OurMine is taking over their social accounts....

11 August 2017

WannaCry and NotPetya aftermath means payouts and panic. Here are the top security headlines for the week of August 7, 2017: Big money, no whammies! It seems like the hackers behind WannaCry have cashed out their bitcoin into Monero, a harder-to-track cryptocurrency. Mo money means mo malware. The success – can we call it that? – of WannaCry and NotPetya means ransomware is not going away any time soon, because… well, people and businesses pay the ransom. What’s that definition of insanity? Oh yeah, doing the same thing and expecting a different result… Tripwire research indicates that two-thirds...

14 July 2017

In what passes for a quiet week in the cybersecurity space, here are some of the top security headlines for the week of July 11, 2017: According to the Economic Times, cyber insurance companies haven’t been hit with claims from the summer’s cyberattacks – yet. “It would only need a combination of WannaCry’s wide reach and Petya’s destructive force to cost cyber insurers something like $2.5 billion...” Oh good – something to look forward to! In news that won’t surprise your family, 57% of IT security professionals work weekends. But those weekend warriors are up for the challenge, as 97%...

20 June 2017

While the projected 1.8 million cybersecurity workforce gap is a staggering number, the Global Information Security Workforce Study did reveal which sectors are most aggressively looking to address this talent shortfall. Healthcare, retail and manufacturing top the list of industries looking to increase their cybersecurity workforce by more than 20% over the next year. Healthcare, in particular, is aiming for a 39% increase. It’s not surprising that they’re leading the charge to staff up, as Privacy Rights Clearinghouse reports that there were 223 known breaches to healthcare organizations in the United States in 2016 - and another 46 disclosed so...

17 June 2017

From malware built to disrupt our critical infrastructure to front-line cyber soldiers, here are some of the top security headlines from the week of June 12: The malware cometh. The “nightmare” malware has been attacking power plants in Europe, causing blackouts and Daily Beast reports that U.S. companies have been warned. “I’m a Mac.” “You still might be in trouble.” That’s what security researchers are saying to Bleeping Computer after two new strains of Mac malware have been offered through the Dark Web over the last few weeks. Is the cloud really safer? Help Net Security found that most IT...

09 June 2017

Infosecurity Europe took over London this week with “everyone and everything you need to know about information security.” Here are the headlines from the event that caught our eye this week: Are you ready for GDPR? With just under a year to go until implementation, SC Magazine UK asked the question “Can you purchase your way to GDPR compliance?” Short answer: No. No you can’t. No surprise here. In a room full of security pros, the U.K. government’s approach to encryption was a point of discussion following the recent terror attacks in the country. As expected, there were strong opinions...

02 June 2017

A holiday week in the U.S. and U.K. means five days’ worth of headlines in four business days. Here’s what we saw this week… Wanna move on from WannaCry? Not so fast, my friend. BitSight looks at the global impact of the ransomware that spread two weeks ago and found that the ransom collected is only around $100,000. Dark Reading reports on cyber criminals attacking each other on the dark web. Can’t we all just get along? No, apparently not. The price of a breach is high. Bitdefender looks at the Ponemon Institute’s study of the impact on stock prices....

22 May 2017

Not surprisingly, WannaCry remained top of mind last week. We’re sure you’re doing everything you can to patch your environment and prevent similar ransomware attacks in the future. Here are some WannaCry headlines (and other security news) that caught our eye last week. WannaCry Rolls On According to the Dark Reading article WannaCry's 'Kill Switch' May Have Been a Sandbox-Evasion Tool, researchers early last week were looking into the “kill switch” and consensus seemed to be building that it was a poorly constructed VM analysis/sandbox evasion technique. WIRED went a bit deeper with their assessment The WannaCry Ransomware Hackers Made...

18 May 2017

The effects of WannaCry, the ransomware dominating international headlines, continue to be felt by organizations and individuals alike. If you or anyone you know has had a device infected, (ISC)2 has advice for stopping and remediating the attack. View the video below to see how you can respond to WannaCry:

10 February 2017

This year’s (ISC)² Security Congress – with the theme “Leaders of Tomorrow” – will take place September 25-27 in Austin, Texas at the JW Marriott. For the first time, Security Congress will be a stand-alone event, without former partner ASIS International. “We value the partnership we had with ASIS International for the past six years, but it was time for Security Congress to stand on its own to address the programming needs expressed by our members,” says (ISC)² CEO David Shearer. The cybersecurity conference will host more than 90 educational sessions, as well as a town hall meeting, career center...

30 September 2016

Ransomware has grown recently to become a significant threat to companies, governments and institutions worldwide. Its growth is not only due to technology – the reasons can also be found in human activity and even the strategies and day-to-day operations of business. Steve Prentice with Cloud Tweaks recently interviewed some Certified Cloud Security Professionals (CCSPs) to get their take on how serious ransomware is, and how preventable it can be. He found there is much that can be done on the inside to reduce these attacks from wholly destructive to merely annoying. To learn more, read his...

About the (ISC)² Blog

As the certifying body for more than 125,000 cyber, information, software and infrastructure security professionals worldwide, (ISC)² believes in the importance of open dialogue and collaboration. (ISC)² established this blog to provide a voice to certified members, who have significant knowledge and valuable insights that can benefit other security professionals and the public at large.

The (ISC)² blog gives members a forum to exchange ideas and inspires a safe and secure cyber world by supporting the advancement of the information security workforce via a public exchange with a broad range of information security topics.

Whether an (ISC)² member chooses to participate in the (ISC)² blog is his or her own decision. The postings on this site are the author's own and don't necessarily represent (ISC)²'s positions, strategies or opinions. (ISC)² monitors the blog in accordance with the (ISC)² Blog Guidelines, but the bloggers are responsible for their own content – common sense and intelligence should prevail.

Other than links to the (ISC)² website, (ISC)² does not control or endorse any links to products or services provided in this blog and makes no warranty regarding the content on any other linked website.

Those who post comments to (ISC)² blogs should ensure their comments are focused on relevant topics that relate to the specific blog being discussed. (ISC)² reserves the right to remove any post or comment from this site. Should you find objectionable content in this blog, please notify us as soon as possible at blog@isc2.org